An increase in identify thefts has increased the importance of data protection and secure data transportation. Currently most organizations do not have information regarding shipments of media containing sensitive information relating to a customer or the organization. The lack of consolidated, actionable data about media shipments makes it difficult to accurately measure risk and accountability of the shipments.
Media containing sensitive information is typically shipped for disaster recovery/back-up and/or due to a customer request and/or for vendor use and/or a legal/regulatory requirement etc. Conventional systems do not inventory electronic media that is shipped within an organization or externally to third parties and cannot provide associated activity and compliance metrics reports. Thus, traditional systems fail to understand the accountability for electronic media in transport and stored off-site and/or the magnitude of potential exposure and do not assess compliance with corporate standards.
Typically, sensitive information can include, but is not limited to credit card details, bank account details, social security information, usernames, passwords or other proprietary information. Often, consumers receive notices that their account or personal information was lost or stolen. In most instances, there has not been evidence of fraud or identity theft from these incidents, although insufficient time may have elapsed to firmly conclude fraud has not occurred. Regardless, the events have a significant reputational impact on the companies affected by the events. Preliminary market analysis indicates that the market costs of security breaches can be as high as ten percent.
Typically, organizations ship production media between organization sites for off-site storage, or to vendors, or to customers. A significant amount of the data currently transported is highly sensitive in nature. Furthermore, the shipped media is rarely encrypted. External regulations, including state and federal legislation, require organizations to protect sensitive data, however, most organizations do not have a mechanism to track and ensure that media containing sensitive information is protected.